HowTo.UseDropBearForRemoteAccess History

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding and support for SFTP (which is quicker than SCP). [Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear?]

to:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding and support for SFTP (which is quicker than SCP). [Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear ].

Changed lines 106-107 from:

Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear?.

to:

Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear.

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding and support for SFTP (which is quicker than SCP).

to:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding and support for SFTP (which is quicker than SCP). [Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear?]
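Review bot: The bracketed note appended to the intro contradicts the sentence it follows, which still lists "support for SFTP" among the features DropBear does not have. If SFTP does work once openssh-sftp-server is installed, reword the earlier sentence to say DropBear has no SFTP server of its own, and move the observation out of the intro into the file-transfer section where WinSCP is discussed.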

Changed lines 106-107 from:

to:

Note: it seems if OpenSSH with sftp server is installed, DropBear can make use of the openssh-sftp-server even if OpenSSH is not running; at least for me it works while still having the low in-memory footprint of DropBear?.

11) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.ppk file that you created and saved in (6).

to:

11) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.ppk file that you created and saved in (8).

For example, if my NSLU2 was called LKG0FD5B0 and this key was for the root ID, I would type:# echo ssh-rsa AAAAB3Nza......TYUBWWtCWOGc= root@LKG0FD5B0 > authorized_keys
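Review bot: The example redirects with a single ">", which truncates authorized_keys, so a reader who follows step 9's advice to "execute the same pattern" for a second key on the same account will silently remove the first key. Suggest showing ">>" for every key after the first, and saying that each key must stay on one line, which also covers the nano problem described in the NOTE.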

Changed lines 39-40 from:

9) Copy the public key similar to the string in (5) above to the clipboard. Now what we need to do is load that public key as an authorized key for 'root'. (I'm assuming that if you want to authorise another user you will execute the same pattern).

to:

9) Copy the public key similar to the string in (7) above to the clipboard. Now what we need to do is load that public key as an authorized key for 'root'. (I'm assuming that if you want to authorise another user you will execute the same pattern).

NOTE:
I found problems using nano (small compact file editor) to create the file, because it kept changing the spacing and carriage returns which causes the key not to validate. The whole key should be on a single line.

If you want to be able to access your files, upload and download over SSH then you need an SCP client. For myself, wanting to access my files over the internet securely from my Windows box at work, I downloaded WinSCP (http://winscp.sourceforge.net/) and simply configured it up, by entering the IP address, pointing to the key file and entering the username. It worked out of the box, I could browse all the files on the SLUG as if logged in to console.

to:

If you want to be able to access your files, upload and download over SSH then you need an SCP client. For myself, wanting to access my files over the internet securely from my Windows box at work, I downloaded WinSCP (http://winscp.net/) and simply configured it up, by entering the IP address, pointing to the key file and entering the username. It worked out of the box, I could browse all the files on the SLUG as if logged in to console.

WinSCP minimises the amount of time you spend bashing away at the keyboard to achieve simple tasks, while simultaneously providing a better picture of what goes on in the Slug.

When logging in with WinSCP and using SCP with DropBear, you may receive an error message referring to the command: "groups". This command may well be absent in the slug. In WinSCP, at the login window, select "Advanced options". In the tree, select "Environment->SCP". Untick "Lookup user groups" and save your login profile.

DropBear or OpenSSH? Have a look here: (http://winscp.net/eng/docs/protocols)

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding.

to:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding and support for SFTP (which is quicker than SCP).

5) Now we need to generate some keys. So run Start->Programs->Putty->Puttygen key generation program. Click the "generate" button to generate some new keys. In the top part of the window you will see a public key string something like the following (The key here has been shortened for display purposes. Your generated key will be a much longer string):

to:

5) If you intend to use a shell other than sh (e.g. /opt/bin/bash) then you need to create an /etc/shells file with the following contents:

/opt/bin/bash

6) You can now connect using your client. If you stop at this point then the NSLU2 will allow all connections to be made, and may potentially have the client complain about unknown keys. If this doesn't concern you (and for general use, it shouldn't) then you can stop at this point.

7) Now we need to generate some keys. So run Start->Programs->Putty->Puttygen key generation program. Click the "generate" button to generate some new keys. In the top part of the window you will see a public key string something like the following (The key here has been shortened for display purposes. Your generated key will be a much longer string):
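Review bot: New step 6 tells readers they can stop here "for general use", but at that point DropBear still accepts password logins, and the page's stated use case is reaching the slug over the internet from work. Suggest limiting the "you can stop here" advice to a slug that is only reachable on the local network, and pointing readers who forward the SSH port to steps 7 onward and the -s option.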

Changed line 33 from:

6) First of all save your private key pair (*.ppk) file with a password to encrypt it.

to:

8) First of all save your private key pair (*.ppk) file with a password to encrypt it.

Changed line 35 from:

7) Copy the public key similar to the string in (5) above to the clipboard. Now what we need to do is load that public key as an authorized key for 'root'. (I'm assuming that if you want to authorise another user you will execute the same pattern).

to:

9) Copy the public key similar to the string in (5) above to the clipboard. Now what we need to do is load that public key as an authorized key for 'root'. (I'm assuming that if you want to authorise another user you will execute the same pattern).
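Review bot: The renumbered step 9 still says "the string in (5) above", but after this edit step 5 is the /etc/shells instruction and the key string is shown in step 7. Update the cross-reference to (7), and check the other renumbered steps for the same stale reference (step 11 points at the saved *.ppk file by step number as well).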

Changed line 52 from:

8) OK so that should get us ready for authentication by key file. Furthermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

to:

10) OK so that should get us ready for authentication by key file. Furthermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

Changed line 71 from:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.ppk file that you created and saved in (6).

to:

11) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.ppk file that you created and saved in (6).

Changed line 73 from:

10) Click open and when requested log in as 'root'. It should authenticate using the keys and a shell prompt will appear.

to:

12) Click open and when requested log in as 'root'. It should authenticate using the keys and a shell prompt will appear.

6) First of all save your private key pair (*.puk) file with a password to encrypt it.

to:

6) First of all save your private key pair (*.ppk) file with a password to encrypt it.

Changed line 66 from:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.puk file that you created and saved in (6).

to:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.ppk file that you created and saved in (6).

This HowTo covers the setup and usage of the DropBear? secure shell for remote command line access.

to:

This howto covers the setup and usage of the DropBear secure shell for remote command line access. DropBear is a much more light weight implementation of a SSH daemon than OpenSSH which also requires the OpenSSL libraries. DropBear however does not have some of the features that OpenSSH includes like agent forwarding.

Changed line 3 from:

I have a Windows 2000 machine which I want to be able to use from work (behind a number of firewalls) to access the slug on my home broadband network. So what do I need to do?

to:

I have a Windows 2000 machine which I want to be able to use from work (behind a number of firewalls) to access the slug on my home broadband network. So what do I need to do?

Changed line 7 from:

2) Install the dropbear package which gives you your SSH daemon. You can do this by executing the following via telnet

to:

2) Install the DropBear package which gives you your SSH daemon. You can do this by executing the following via telnet.

Changed line 12 from:

3) Reboot and check dropbear is running.

to:

3) Reboot and check DropBear is running.

Changed line 20 from:

4) OK so it's running. What the heck do you do now? Well, you need to get an ssh client for your windows box. I use the free client called Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/) so that's what I'm going to talk about here. Download it and install.

to:

4) OK so it's running. What the heck do you do now? Well, you need to get an SSH client for your Windows box. I use the free client called Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/) so that's what I'm going to talk about here. Download it and install.

Changed line 22 from:

5) Now we need to generate some keys. So run Programs>Putty>Puttygen key generation program. Click the "generate" button to generate some new keys. In the top part of the windw you will see a public key string something like the following:

to:

5) Now we need to generate some keys. So run Start->Programs->Putty->Puttygen key generation program. Click the "generate" button to generate some new keys. In the top part of the window you will see a public key string something like the following (The key here has been shortened for display purposes. Your generated key will be a much longer string):

Once we have this we want to save our public key into the authorized keys filw which can be done easily as follows:

to:

Once we have this we want to save our public key into the authorized keys file which can be done easily as follows (The key here has been shortened for display purposes. Your generated key will be a much longer string):

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

to:

8) OK so that should get us ready for authentication by key file. Furthermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

Changed line 66 from:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start Programs>Putty>Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication as by key - pointing the key to the *.puk file that you created and saved in (6).

to:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start->Programs->Putty->Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication by key - pointing the key to the *.puk file that you created and saved in (6).

Changed line 68 from:

10) Click open and when requested log in as 'root'. The keys should authenticate and a prompt appears.

to:

10) Click open and when requested log in as 'root'. It should authenticate using the keys and a shell prompt will appear.

Changed lines 82-84 from:

If you want to be able to access your files, upload and download over SSH then you need an SCP client. For myself, wanting to access my files over the internet securely from my Windows box at work, I downloaded WinSCP (http://winscp.sourceforge.net/) and simply configured it up, by entering the IP address, pointing to the Key file and entering the username. It worked out of the box, I could browse all the files on the SLUG as if logged in to console.

to:

If you want to be able to access your files, upload and download over SSH then you need an SCP client. For myself, wanting to access my files over the internet securely from my Windows box at work, I downloaded WinSCP (http://winscp.sourceforge.net/) and simply configured it up, by entering the IP address, pointing to the key file and entering the username. It worked out of the box, I could browse all the files on the SLUG as if logged in to console.

If you want to be able to access your files, upload and download over SSH then you need an SCP client. For myself, wanting to access my files over the internet securely from my Windows box at work, I downloaded WinSCP (http://winscp.sourceforge.net/) and simply configured it up, by entering the IP address, pointing to the Key file and entering the username. It worked out of the box, I could browse all the files on the SLUG as if logged in to console.

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start Programs>Putty>Putty. It will come up with the options for the server (IP address etc) which you need to set (note that the Port number is 22 - the same as FTP - which is useful for tunnelling through firewalls if your firewalls allow FTP access). Also set up the SSH authentication as by key - pointing the key to the *.puk file that you created and saved in (6).

to:

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start Programs>Putty>Putty. It will come up with the options for the server (IP address etc) which you need to set. Also set up the SSH authentication as by key - pointing the key to the *.puk file that you created and saved in (6).
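Review bot: Dropping the FTP comparison from step 9 is right, but the edit also removes the only place the step names the port, so the reader is told to set "IP address etc" with no value for the port. Suggest keeping a short "port 22" mention and removing only the part about FTP and firewall tunnelling.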

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill: -># ps-efWe need to kill all the dropbear processes by their PID using the following: -># kill -9 xxx <- where xxx is replaced with the IDs? as listed in the ps command output above \\

to:

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

# ps-ef

We need to kill all the dropbear processes by their PID using the following:

# kill -9 xxx <- where xxx is replaced with the IDs? as listed in the ps command output above
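Review bot: In the reformatted step 8 the command reads "# ps-ef" with no space, while step 3 uses "# ps -ef"; as written it will not run. While touching these lines, also remove the stray "?" after "IDs" and consider showing a plain "kill xxx" first, keeping "kill -9" as the fallback, since the step only needs dropbear to exit before it is restarted with -s.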

Changed lines 56-57 from:

# /opt/sbin/dropbear -s \\

to:

# /opt/sbin/dropbear -s

Changed line 64 from:

Authenticating with public key "root@slug" from agent

to:

Authenticating with public key "root@slug" from agent

Added lines 69-71:

To Do

Need to work out where dropbear is started by the system so that the -s option can be persisted over a reboot.
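Review bot: The To Do admits the -s option does not survive a reboot, but step 8 still reads as if key-only login is now in place. Until the startup location is found, add a sentence under step 8 saying that after any reboot dropbear starts without -s, so password logins are accepted again and the restart has to be repeated.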

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

# ps-ef

We need to kill all the dropbear processes by their PID using the following:

# kill -9 xxx <- where xxx is replaced with the IDs? as listed in the ps command output above

to:

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill: -># ps-efWe need to kill all the dropbear processes by their PID using the following: -># kill -9 xxx <- where xxx is replaced with the IDs? as listed in the ps command output above \\

Changed lines 43-44 from:

# /opt/sbin/dropbear -s

to:

# /opt/sbin/dropbear -s \\

Changed line 50 from:

Authenticating with public key "root@slug" from agent

to:

Authenticating with public key "root@slug" from agent

Deleted line 53:

To Do

Deleted line 54:

Restart dropbear automatically by modifying the startup script - got to find it first

2) Install the dropbear package which gives you your SSH daemon. You can do this by executing the following via telnet

# ipkg update# ipkg install dropbear

3) Reboot and check dropbear is running.

# ps -ef

And look for a line something like the following:

692 root 1628 S dropbear

4) OK so it's running. What the heck do you do now? Well, you need to get an ssh client for your windows box. I use the free client called Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/) so that's what I'm going to talk about here. Download it and install.

5) Now we need to generate some keys. So run Programs>Putty>Puttygen key generation program. Click the "generate" button to generate some new keys. In the top part of the windw you will see a public key string something like the following:

6) First of all save your private key pair (*.puk) file with a password to encrypt it.

7) Copy the public key similar to the string in (5) above to the clipboard. Now what we need to do is load that public key as an authorized key for 'root'. (I'm assuming that if you want to authorise another user you will execute the same pattern).

First of all telnet into the SLUG as the user we want to authorise (e.g. root) and change to the root directory:

# cd ~/

Now create the hidden directory for the ssh settings:

# mkdir .ssh# cd .ssh

Once we have this we want to save our public key into the authorized keys filw which can be done easily as follows:

Check that this file is not editable by anyone but the current user ensure that the write permissions are write only for the user (i.e. have a mask like -rwxr--r-- when you do an ls -l)

8) OK so that should get us ready for authentication by key file. Futhermore we can prevent anyone logging in as root via SSH without a key. What we need to do is kill the currently running dropbear processes and restart them with the -s option. So lets find the processes to kill:

# ps-ef

We need to kill all the dropbear processes by their PID using the following:

# kill -9 xxx <- where xxx is replaced with the IDs? as listed in the ps command output above

Now we need to restart dropbear with the login with keys only option:

# /opt/sbin/dropbear -s

9) Having set up the server as we want it all we have to do now is to connect with Putty. Start Programs>Putty>Putty. It will come up with the options for the server (IP address etc) which you need to set (note that the Port number is 22 - the same as FTP - which is useful for tunnelling through firewalls if your firewalls allow FTP access). Also set up the SSH authentication as by key - pointing the key to the *.puk file that you created and saved in (6).

10) Click open and when requested log in as 'root'. The keys should authenticate and a prompt appears.

login as: rootAuthenticating with public key "root@slug" from agent

Voila!!

To Do

Restart dropbear automatically by modifying the startup script - got to find it first
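Review bot: In step 7 the example mask "-rwxr--r--" does not match the stated goal; it marks authorized_keys executable and leaves it readable by every user, when the text only asks that nobody but the owner can write to it. Suggest giving the mask as "-rw-------" (chmod 600 authorized_keys) and adding the matching owner-only mode (chmod 700) for the .ssh directory created just above.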